In the last 25 years, the digital world has gone from hobby to habit to a fully homogenised part of daily life (Roser, 2023). The digital world has become undeniably ubiquitous (White & Selwyn, 2013). It loiters in our back pockets and with the taps of our fingers it has become how we work and play and participate.
The next 25 years will not see a retraction of this trend. One only needs to look at the UK government's plans for the digital optimisation of the top 75 public services - everything from funeral expense claims to fishing licences - or to learn that HM Courts and Tribunals Service handles thousands of court cases virtually, to realise that the digital world has become a principal apparatus for participating in the offline world as well (Central Digital & Data Office, 2023)(Smith, 2021). With this digital bleed, rights violations in the digital frontier will become notably destructive in the offline world. Thus, the shield of human rights law must expand its cover to better protect the ones and zeros of digital rights.
The next 25 years will see the law grappling with this expansion amidst an ever shifting backdrop of emergent technologies, breakneck technological change, and the birth of entirely novel cyber-industries (Roser, 2023). Indeed, at the time of writing, the EU’s AI Act is expected to enjoy a fourth trilogue between the European Parliament, the Council of the European Union, and the European Commission; heralding the first regulation of the artificial intelligence industry as part of the EU’s forward facing digital strategy (David, 2023). But it is not just the EU’s challenge. Both national legislatures and supranational bodies face the challenge of developing digital rights legislation fit for the rapid-onset technological change that typifies the digital age. But what does this development look like, and what form should the law take?
One mechanism of developing digital rights is through the extension, adaptation, or clarification of pre-existing human rights. A pronounced example of this is the right to freedom of expression, which is a human right protecting a person's freedom to seek, receive and impart information and ideas of their choice without interference and regardless of frontiers1. Notably, the United Nations Human Rights Council General Comment No. 34 clarifies that this right extends onto the internet and to the frontier of the digital world2. This clarification of a pre-existing right conceives several de facto digital rights, including the specific right to freedom of expression online, the right to access information and the opinions and expressions of others online, and, perhaps less obviously, the right to choose not to disclose an identity online, among others (Council of Europe, n.d.). In this way, the clarification of an individual pre-existing human right has animated a number of de facto digital protections.
Simultaneously, digital rights are developing through the conception of new rights which protect people from novel threats that are unique to the digital-online ecosystem. A salient example of this is the introduction of the right to be forgotten, which has been enshrined in various national and supranational protections3. The right to be forgotten, also known as the right to erasure, is the right to have private information removed from internet searches and other online directories, and the right to have your data erased from company records. This right is notably distinct from existing privacy rights, such as the broadspectrum right to privacy. The latter relates to information that is not publicly known, whereas the right to be forgotten involves having the right to remove information that was publicly available at a certain time4,5. The development of the right to be forgotten germinated from necessity, following an array of emergent digital rights threats that run the gamut from the unjust retention of personal electronic data, to the online distribution of revenge porn (Information Commissioner’s Office, 2023)(Nguyen, 2021). In this way, the right to be forgotten can be understood as an example of human rights law responding to novel cyber-violations. It is a digital right developed to protect people from rights-violations in a purely digital frontier.
Both the extension of individual pre-existing human rights and the conception of novel digital rights are concrete steps in the development of a causeway of digital human rights protections, but they form a piecemeal approach that is ill-equipped to corral the ever outwardly-motile frontier of the digital world. Given that the global digital ecosystem transcends state borders, such a piecemeal, individualistic approach is unsuited to tackling the stateless sprawl of cyberspace (Alliance For Universal Digital Rights, n.d).
Irredeemably, this piecemeal approach also requires that legislators understand emergent digital technologies in order to craft specialised legislation to combat the various digital violations: but they do not. Those following US politics might recall a 2018 congressional hearing wherein Google CEO Sundar Pichai had to enlighten lawmaker Rep. Steve King that Google is not the company behind the iPhone (Robertson, 2018). Even with technologically competent legislators, a sufficiently prescriptive piecemeal approach would require extensive legislative manpower. There would need to be new regulations for every single type of technological platform, industry, and new frontier, and the ones that develop off the back of those, and the ones that develop off the back of those again, and so on. It is simply not realistic to expect legislatures to provide sufficient protections in a piecemeal way without overburdening legislative resources, all whilst technological development advances in every direction away from them.
Furthermore, relying on the development of individual digital rights due to a discovered necessity is a reactive, rather than proactive, approach. Such a reactive approach requires alarm bells to sound to sufficiently rouse a legislature. But given that the digital-online ecosystem is vast, and given that the digital world is so widely integrated in every facet of our lives, the approach of waiting for harm to be realised engenders huge risk. Technologies can be so widely implemented that digital rights violations can harm whole populations (Datareportal, 2023). Entire communities, sectors of society and even entire industries can suffer widespread damage before a corresponding legislative session begins. The risks engendered by this approach are compounded by the inherent power imbalance in the distribution, access, and therefore understanding, of emergent technologies. There is a vast power imbalance with who gets access to new technology first. Large, powerful corporations are the ones to fund, own and implement emergent technologies, wielding them against a comparatively powerless underclass, often before this underclass can understand or consent to such (Datareportal, 2023).
The solution to mitigate these shortcomings is a universal code of digital rights. A universal code of digital rights would inherently be both proactive and broad-spectrum in its approach. It would overlap state borders, and operate pan-jurisdictionally, in as similar a way as possible to the borderless nature of the digital-online ecosystem. Thus it would be better positioned to tackle the stateless sprawl of cyberspace.
Such a code would not rely on individual legislators maintaining a working knowledge of specific digital technologies, but rather would require them to understand the broader, more digestible principles that govern the technologies over which they are imposed. In this way, it would provide populations protection from, and prevent large technology corporations from exploiting, technologically incompetent legislators. Beyond the knowledge and competencies of legislators, a universal code makes it easier for everyday people to understand their rights. A single code is accessible, far more so than the drawing together of various sources of piecemeal legislation.
Additionally, a universal code of digital rights consumes fewer legislative resources. Its universality would apply broadly to every single type of technological platform, industry, and newfrontier, encompassing all development in the digital-world at once. This would provide broad-spectrum digital rights protections whilst freeing up legislative manpower. Notably without stopping legislators from conceiving of supplementary digital protections for specific industries as needed.
Finally, a universal code is proactive in its approach. Rather than expecting legislators to be able to effectively chase the tails of runaway technology giants, the developers of digital technology will have to ensure their innovations are compliant with basic digital rights standards from the outset. This should reduce the risk of widespread digital rights violations, protecting whole populations and communities from exploitation and harm.
In the last 25 years, the digital world has gone from hobby to habit to a fully homogenised part of daily life. The next 25 years will see the ever expansion of our current cyber-ecosystem, emulsifying the digital world further into life offline. With this great digital bleed, the need to protect people from rights violations in the digital frontier will gain in urgency. But what will these developments look like, and what form will digital human rights law take?
Rhiannon Victoria Maher is an Open University student, studying W360 Justice in action and W330 European Union law. Her interest in law stems from the human rights pedagogy, particularly from the work of Janusz Korczak. Rhiannon has a special interest in poverty and disability rights, and was runner up in the Human Rights Lawyers Association Lord Kerr Essay Prize in 2023.